Since the /dev/vhost-net device is owned by root, we cannot use
vhost-net networking in rootless mode. Instead of having to
do this manually in the toml, disable vhost-net when the runtime
detects it is running rootless.
Fixes #2321
Signed-off-by: Archana Shinde <archana.m.shinde@intel.com>

Commit 89e0dfae11 ("qemu: stop qemu process when virtiofsd quits")
stops sandbox when virtiofsd quits so that virtiofs mount inside guest
won't hang. But commit d5a3d0a61c ("virtiofs: use virtiofsd
--fd=FDNUM") deleted this monitor logic.
Add the Scanner back to monitor virtiofsd's stderr and stop sandbox if
Scanner returns error.
Note that we don't monitor the virtiofsd process itself because
virtiofsd may be live-upgraded (when available) and the original
process may quit, but virtiofs service is still running.
Fixes: #2315
Signed-off-by: Eryu Guan <eguan@linux.alibaba.com>

Add a standard `SetLogger()` call to allow the `compatoci` package to be
provided a base logger which it can then customise.
Fixes: #2305.
Signed-off-by: James O. D. Hunt <james.o.hunt@intel.com>

We can use map from Source to Mount as ignoredMounts representation.
Inner loop in kataAgent#removeIgnoredOCIMount is removed.
Fixes #2299
Signed-off-by: Ted Yu <yuzhihong@gmail.com>

tabs should only appear in rules, not in ifeq/ifneq blocks
(since otherwise make can get very confused on error).
Signed-off-by: Julio Montes <julio.montes@intel.com>

Emacs (the good and infallible text editor) detects a suspicious line in
Makefile, this line contains both space and tab (something that could be
introduced by a less sophisticated text editor) that is not correct
for a Makefile.
fixes #2286
Signed-off-by: Julio Montes <julio.montes@intel.com>

- added clh unit tests
- removed some inconsistencies in the cli builder to enable unit tests
- suppressed version check in startSandbox to enable unit tests
- added clh related constants and methods to virtcontainer test
- small corrections after review applied
Fixes: #2205
Signed-off-by: Johan Kuijpers <johan.kuijpers@ericsson.com>

Don't hot add again non-running container resources to avoid having extra
and useless resources
fixes #2186
Signed-off-by: Julio Montes <julio.montes@intel.com>

GetOCISpec returns a patched version of the original OCI spec, it was modified
to support:
* capabilities
* Ephemeral storage
* k8s empty dir
In order to avoid confusion and make the API clear, rename GetOCISpec
to GetPatchedOCISpec and ContainerConfig.Spec to ContainerConfig.CustomSpec
fixes #2252
Signed-off-by: Julio Montes <julio.montes@intel.com>

Currently kata-runtime saves the Container OCI Spec even when it's not needed
and a comment in `ContainerConfig struct` specifically indicates that
it won't be saved to disk.
Use '-' as json tag instead of '_' to indicate that `Spec` field shouldn't
be saved to disk.
fixes #2256
Signed-off-by: Julio Montes <julio.montes@intel.com>
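
The effect of the two tags named in the last commit message above, as an added example that is not kata-runtime code: with Go's encoding/json, `json:"_"` only renames the field to the key "_" and still serializes it, while `json:"-"` omits the field. The struct names, the persist helper and the sample values are constructed for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
)

// Spec is a trimmed, hypothetical stand-in for the container OCI spec.
type Spec struct {
	Hostname string
	Env      []string
}

// configUnderscore mirrors the tag before the fix: "_" is an ordinary key name.
type configUnderscore struct {
	ID   string
	Spec *Spec `json:"_"`
}

// configDash mirrors the tag after the fix: "-" tells encoding/json to skip the field.
type configDash struct {
	ID   string
	Spec *Spec `json:"-"`
}

// persist returns the JSON that would be written to disk for v.
func persist(v interface{}) string {
	b, err := json.Marshal(v)
	if err != nil {
		panic(err)
	}
	return string(b)
}

// sampleSpec builds constructed sample data, including an environment value
// that is not meant to end up in a state file.
func sampleSpec() *Spec {
	return &Spec{Hostname: "demo", Env: []string{"TOKEN=constructed-value"}}
}

func main() {
	fmt.Println(persist(configUnderscore{ID: "c1", Spec: sampleSpec()}))
	fmt.Println(persist(configDash{ID: "c1", Spec: sampleSpec()}))
}
```

A quick check on a real state file is to search the persisted JSON for a top-level "_" key; its presence means the spec was written despite the comment on the struct.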